﻿@{
    Check.User(Can.EditUser);

    var userId = UrlData[0];
    if (!userId.IsInt()) {
        Response.SetStatus(HttpStatusCode.BadRequest);
    }
    
    Validation.Add("RoleId", Validator.Required(), Validator.Regex(@"^\d*$", "Must be a number"));
    var commandText = string.Empty;
    
    var db = Database.Open((string) App.Database);
    commandText = @"SELECT UserName, RoleId FROM Users INNER JOIN webpages_UsersInRoles ON webpages_UsersInRoles.UserId = Users.UserId WHERE Users.UserId = @0";
    var user = db.QuerySingle(commandText, userId);
    if (user == null) {
        Response.Redirect("~/Admin/Users/List");
    }
    commandText = @"SELECT RoleId, RoleName FROM webPages_Roles";
    var roles = db.Query(commandText).Select(r => new SelectListItem {
        Value = r.RoleId.ToString(),
        Text = r.RoleName,
        Selected = r.RoleId == user.RoleId
    });
    if (IsPost) {
        var roleId = Request["RoleId"];
        var newPassword = Request["Password"];
        if (!newPassword.IsEmpty()) {
            var token = WebSecurity.GeneratePasswordResetToken(user.UserName);
            WebSecurity.ResetPassword(token, newPassword);
        }
        if (roleId != user.RoleId) {
            commandText = @"UPDATE webpages_UsersInRoles SET RoleId = @0 WHERE UserId = @1";
            db.Execute(commandText, roleId, userId);
        }
        Response.Redirect("~/Admin/Users/List");
    }   
}
<form method="post">
    <fieldset>
        <legend>Change User Role For @user.UserName</legend>
        @ControlGroup.DropDownList("Select Role", "RoleId", roles, " --Select Role-- ", user.RoleId)
        @ControlGroup.TextBox("New Password: ", "Password")
        @ControlGroup.Button()
    </fieldset>
</form>